The Internet remains a growing public network. Many companies rely on communication over the Internet using Internet Protocol (IP) to facilitate their business endeavors. However, public access also comes along with security risks. To address enhancement of security on the Internet, the Internet Engineering Task Force (IETF) proposed Internet Protocol Security (IPSec). IPSec is designed to provide authentication and encryption for communication over insecure networks, such as the Internet.
Another issue facing business over the Internet is once a packet is encrypted it cannot easily be compressed. This is because once encrypted there are conventionally no recognizable patterns upon which to seize for a compression algorithm. At one time, modem-based per-packet compression was common. Thus, IPSec encryption would render modem-based compression useless. Accordingly, to address throughput for encrypted traffic, the IETF proposed Internet Protocol Payload Compression (IPComp). IPComp is for systems to agree upon a type of compression for exchanging information. An advantage to compression before encryption is that IPSec and IPComp add overhead, for example additional headers, which may cause a packet to be too large to avoid fragmentation. However, if such a packet may be sufficiently compressed, then fragmentation, even with addition of such overhead, may be avoided.
It should be understood that IPSec adds overhead in part due to a complex negotiation protocol named Internet Key Exchange (IKE). Furthermore, both IPSec and IPComp, individually and collectively, significantly consume computer system resources, thereby hampering performance. More particularly, IPSec and IPComp each conventionally require demanding computations, and accordingly, it would be desirable to offload IPComp or IPSec or both to a lower layer entity that does not consume host central processing unit (CPU) time.
Accordingly, it would be desirable and useful to provide negotiation for and execution of IPSec or IPComp or both at a level that consumes less CPU time. Moreover, it would be desirable and useful if such negotiation was transparent to or otherwise independent of an Operating System (OS).